rpms/qemu-kvm
5
0
Fork 0
Code Issues Pull Requests Releases Activity
72caf15fff
qemu-kvm/kvm-kvm-memory-Make-memory-type-private-by-default-if-it.patch
Miroslav Rezanina b585ec0abd * Wed Aug 14 2024 Miroslav Rezanina <mrezanin@redhat.com> - 9.0.0-8 
- kvm-introduce-pc_rhel_9_5_compat.patch [RHEL-39544]
- kvm-target-i386-add-guest-phys-bits-cpu-property.patch [RHEL-39544]
- kvm-kvm-add-support-for-guest-physical-bits.patch [RHEL-39544]
- kvm-i386-kvm-Move-architectural-CPUID-leaf-generation-to.patch [RHEL-39544]
- kvm-target-i386-Introduce-Icelake-Server-v7-to-enable-TS.patch [RHEL-39544]
- kvm-target-i386-Add-new-CPU-model-SierraForest.patch [RHEL-39544]
- kvm-target-i386-Export-RFDS-bit-to-guests.patch [RHEL-39544]
- kvm-pci-host-q35-Move-PAM-initialization-above-SMRAM-ini.patch [RHEL-39544]
- kvm-q35-Introduce-smm_ranges-property-for-q35-pci-host.patch [RHEL-39544]
- kvm-hw-i386-acpi-Set-PCAT_COMPAT-bit-only-when-pic-is-no.patch [RHEL-39544]
- kvm-confidential-guest-support-Add-kvm_init-and-kvm_rese.patch [RHEL-39544]
- kvm-i386-sev-Switch-to-use-confidential_guest_kvm_init.patch [RHEL-39544]
- kvm-ppc-pef-switch-to-use-confidential_guest_kvm_init-re.patch [RHEL-39544]
- kvm-s390-Switch-to-use-confidential_guest_kvm_init.patch [RHEL-39544]
- kvm-scripts-update-linux-headers-Add-setup_data.h-to-imp.patch [RHEL-39544]
- kvm-scripts-update-linux-headers-Add-bits.h-to-file-impo.patch [RHEL-39544]
- kvm-linux-headers-update-to-current-kvm-next.patch [RHEL-39544]
- kvm-runstate-skip-initial-CPU-reset-if-reset-is-not-actu.patch [RHEL-39544]
- kvm-KVM-track-whether-guest-state-is-encrypted.patch [RHEL-39544]
- kvm-KVM-remove-kvm_arch_cpu_check_are_resettable.patch [RHEL-39544]
- kvm-target-i386-introduce-x86-confidential-guest.patch [RHEL-39544]
- kvm-target-i386-Implement-mc-kvm_type-to-get-VM-type.patch [RHEL-39544]
- kvm-target-i386-SEV-use-KVM_SEV_INIT2-if-possible.patch [RHEL-39544]
- kvm-i386-sev-Add-legacy-vm-type-parameter-for-SEV-guest-.patch [RHEL-39544]
- kvm-hw-i386-sev-Use-legacy-SEV-VM-types-for-older-machin.patch [RHEL-39544]
- kvm-trace-kvm-Split-address-space-and-slot-id-in-trace_k.patch [RHEL-39544]
- kvm-kvm-Introduce-support-for-memory_attributes.patch [RHEL-39544]
- kvm-RAMBlock-Add-support-of-KVM-private-guest-memfd.patch [RHEL-39544]
- kvm-kvm-Enable-KVM_SET_USER_MEMORY_REGION2-for-memslot.patch [RHEL-39544]
- kvm-kvm-memory-Make-memory-type-private-by-default-if-it.patch [RHEL-39544]
- kvm-HostMem-Add-mechanism-to-opt-in-kvm-guest-memfd-via-.patch [RHEL-39544]
- kvm-RAMBlock-make-guest_memfd-require-uncoordinated-disc.patch [RHEL-39544]
- kvm-physmem-Introduce-ram_block_discard_guest_memfd_rang.patch [RHEL-39544]
- kvm-kvm-handle-KVM_EXIT_MEMORY_FAULT.patch [RHEL-39544]
- kvm-kvm-tdx-Don-t-complain-when-converting-vMMIO-region-.patch [RHEL-39544]
- kvm-kvm-tdx-Ignore-memory-conversion-to-shared-of-unassi.patch [RHEL-39544]
- kvm-hw-i386-x86-Eliminate-two-if-statements-in-x86_bios_.patch [RHEL-39544]
- kvm-hw-i386-Have-x86_bios_rom_init-take-X86MachineState-.patch [RHEL-39544]
- kvm-hw-i386-pc_sysfw-Remove-unused-parameter-from-pc_isa.patch [RHEL-39544]
- kvm-hw-i386-x86-Don-t-leak-isa-bios-memory-regions.patch [RHEL-39544]
- kvm-hw-i386-x86-Don-t-leak-pc.bios-memory-region.patch [RHEL-39544]
- kvm-hw-i386-x86-Extract-x86_isa_bios_init-from-x86_bios_.patch [RHEL-39544]
- kvm-hw-i386-pc_sysfw-Alias-rather-than-copy-isa-bios-reg.patch [RHEL-39544]
- kvm-i386-correctly-select-code-in-hw-i386-that-depends-o.patch [RHEL-39544]
- kvm-i386-pc-remove-unnecessary-MachineClass-overrides.patch [RHEL-39544]
- kvm-hw-i386-split-x86.c-in-multiple-parts.patch [RHEL-39544]
- kvm-scripts-update-linux-header.sh-be-more-src-tree-frie.patch [RHEL-39544]
- kvm-scripts-update-linux-headers.sh-Remove-temporary-dir.patch [RHEL-39544]
- kvm-scripts-update-linux-headers.sh-Fix-the-path-of-setu.patch [RHEL-39544]
- kvm-update-linux-headers-fix-forwarding-to-asm-generic-h.patch [RHEL-39544]
- kvm-update-linux-headers-move-pvpanic.h-to-correct-direc.patch [RHEL-39544]
- kvm-linux-headers-Update-to-current-kvm-next.patch [RHEL-39544]
- kvm-update-linux-headers-import-linux-kvm_para.h-header.patch [RHEL-39544]
- kvm-machine-allow-early-use-of-machine_require_guest_mem.patch [RHEL-39544]
- kvm-i386-sev-Replace-error_report-with-error_setg.patch [RHEL-39544]
- kvm-i386-sev-Introduce-sev-common-type-to-encapsulate-co.patch [RHEL-39544]
- kvm-i386-sev-Move-sev_launch_update-to-separate-class-me.patch [RHEL-39544]
- kvm-i386-sev-Move-sev_launch_finish-to-separate-class-me.patch [RHEL-39544]
- kvm-i386-sev-Introduce-sev-snp-guest-object.patch [RHEL-39544]
- kvm-i386-sev-Add-a-sev_snp_enabled-helper.patch [RHEL-39544]
- kvm-i386-sev-Add-sev_kvm_init-override-for-SEV-class.patch [RHEL-39544]
- kvm-i386-sev-Add-snp_kvm_init-override-for-SNP-class.patch [RHEL-39544]
- kvm-i386-cpu-Set-SEV-SNP-CPUID-bit-when-SNP-enabled.patch [RHEL-39544]
- kvm-i386-sev-Don-t-return-launch-measurements-for-SEV-SN.patch [RHEL-39544]
- kvm-i386-sev-Add-a-class-method-to-determine-KVM-VM-type.patch [RHEL-39544]
- kvm-i386-sev-Update-query-sev-QAPI-format-to-handle-SEV-.patch [RHEL-39544]
- kvm-i386-sev-Add-the-SNP-launch-start-context.patch [RHEL-39544]
- kvm-i386-sev-Add-handling-to-encrypt-finalize-guest-laun.patch [RHEL-39544]
- kvm-i386-sev-Set-CPU-state-to-protected-once-SNP-guest-p.patch [RHEL-39544]
- kvm-hw-i386-sev-Add-function-to-get-SEV-metadata-from-OV.patch [RHEL-39544]
- kvm-i386-sev-Add-support-for-populating-OVMF-metadata-pa.patch [RHEL-39544]
- kvm-i386-sev-Add-support-for-SNP-CPUID-validation.patch [RHEL-39544]
- kvm-hw-i386-sev-Add-support-to-encrypt-BIOS-when-SEV-SNP.patch [RHEL-39544]
- kvm-i386-sev-Invoke-launch_updata_data-for-SEV-class.patch [RHEL-39544]
- kvm-i386-sev-Invoke-launch_updata_data-for-SNP-class.patch [RHEL-39544]
- kvm-i386-kvm-Add-KVM_EXIT_HYPERCALL-handling-for-KVM_HC_.patch [RHEL-39544]
- kvm-i386-sev-Enable-KVM_HC_MAP_GPA_RANGE-hcall-for-SNP-g.patch [RHEL-39544]
- kvm-i386-sev-Extract-build_kernel_loader_hashes.patch [RHEL-39544]
- kvm-i386-sev-Reorder-struct-declarations.patch [RHEL-39544]
- kvm-i386-sev-Allow-measured-direct-kernel-boot-on-SNP.patch [RHEL-39544]
- kvm-memory-Introduce-memory_region_init_ram_guest_memfd.patch [RHEL-39544]
- kvm-hw-i386-sev-Use-guest_memfd-for-legacy-ROMs.patch [RHEL-39544]
- kvm-hw-i386-Add-support-for-loading-BIOS-using-guest_mem.patch [RHEL-39544]
- kvm-i386-sev-fix-unreachable-code-coverity-issue.patch [RHEL-39544]
- kvm-i386-sev-Move-SEV_COMMON-null-check-before-dereferen.patch [RHEL-39544]
- kvm-i386-sev-Return-when-sev_common-is-null.patch [RHEL-39544]
- kvm-target-i386-SEV-fix-formatting-of-CPUID-mismatch-mes.patch [RHEL-39544]
- kvm-i386-sev-Fix-error-message-in-sev_get_capabilities.patch [RHEL-39544]
- kvm-i386-sev-Fallback-to-the-default-SEV-device-if-none-.patch [RHEL-39544]
- kvm-i386-sev-Don-t-allow-automatic-fallback-to-legacy-KV.patch [RHEL-39544]
- kvm-target-i386-SEV-fix-mismatch-in-vcek-disabled-proper.patch [RHEL-39544]
- kvm-virtio-rng-block-max-bytes-0.patch [RHEL-50336]
- kvm-scsi-disk-Use-positive-return-value-for-status-in-dm.patch [RHEL-50000]
- kvm-scsi-block-Don-t-skip-callback-for-sgio-error-status.patch [RHEL-50000]
- kvm-scsi-disk-Add-warning-comments-that-host_status-erro.patch [RHEL-50000]
- kvm-scsi-disk-Always-report-RESERVATION_CONFLICT-to-gues.patch [RHEL-50000]
- kvm-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch [RHEL-52617]
- kvm-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch [RHEL-52617]
- kvm-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch [RHEL-52617]
- kvm-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch [RHEL-52617]
- Resolves: RHEL-39544
  ([QEMU] Add support for AMD SEV-SNP to Qemu)
- Resolves: RHEL-50336
  (Fail to boot up the guest including vtpm and virtio-rng (max-bytes=0) devices)
- Resolves: RHEL-50000
  (scsi-block: Cannot setup Windows Failover Cluster, qemu crashes on assert)
- Resolves: RHEL-52617
  (CVE-2024-7409 qemu-kvm: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure [rhel-9.5])
2024-08-14 01:38:22 -04:00

57 lines
2.0 KiB
Diff
Raw Blame History

From f9dc55dd179bb534d589af371c5c2a7886bd461e Mon Sep 17 00:00:00 2001
From: Xiaoyao Li <xiaoyao.li@intel.com>
Date: Wed, 20 Mar 2024 03:39:11 -0500
Subject: [PATCH 030/100] kvm/memory: Make memory type private by default if it
has guest memfd backend
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
RH-MergeRequest: 245: SEV-SNP support
RH-Jira: RHEL-39544
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Bandan Das <bdas@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Commit: [30/91] 5e21edf844b5629ee32c4075843b028561b97ae2 (bonzini/rhel-qemu-kvm)
KVM side leaves the memory to shared by default, which may incur the
overhead of paging conversion on the first visit of each page. Because
the expectation is that page is likely to private for the VMs that
require private memory (has guest memfd).
Explicitly set the memory to private when memory region has valid
guest memfd backend.
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Message-ID: <20240320083945.991426-16-michael.roth@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit bd3bcf6962b664ca3bf9c60fdcc4534e8e3d0641)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
accel/kvm/kvm-all.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 5ef55e4dd7..3f99efc8cc 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -1431,6 +1431,16 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
strerror(-err));
abort();
}
+
+ if (memory_region_has_guest_memfd(mr)) {
+ err = kvm_set_memory_attributes_private(start_addr, slot_size);
+ if (err) {
+ error_report("%s: failed to set memory attribute private: %s",
+ __func__, strerror(-err));
+ exit(1);
+ }
+ }
+
start_addr += slot_size;
ram_start_offset += slot_size;
ram += slot_size;
--
2.39.3
Reference in New Issue View Git Blame Copy Permalink